this post was submitted on 14 Aug 2023
1 points (100.0% liked)

The War Room

1 readers
1 users here now

Community for various OSINT news and subject matter for open discussion or dissemination elsewhere

founded 1 year ago
MODERATORS
 

Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone

Windows Defender logo

Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows.

The vulnerability is tracked as CVE-2023-32019 and has a medium severity range 4.7/10, with Microsoft rating the flaw as 'important' severity.

The bug was discovered by Google Project Zero security researcher Mateusz Jurczyk, and it allows an authenticated attacker to access the memory of a privileged process to extract information.

While it is not believed to have been exploited in the wild, Microsoft initially released the security update with the fix disabled, warning that it could cause breaking changes in the operating system.

"The resolution described in this article introduces a potential breaking change. Therefore, we are releasing the change disabled by default with the option to enable it," explained Microsoft.

Instead, Windows users had to enable the update manually by adding the following registry values under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides key:

  • Windows 10 20H2, 21H2, 22H2: Add a new DWORD registry value named 4103588492 with a value data of 1
  • Windows 11 21H2: Add a new DWORD registry value named 4204251788 with a value data of 1
  • Windows 11 22H2: Add a new DWORD registry value named 4237806220 with a value data of 1
  • Windows Server 2022: Add a new DWORD registry value named 4137142924 with a value data of 1

However, Microsoft would not share what conflicts could arise from enabling the update, simply telling BleepingComputer at the time that it would be enabled by default in the future.

This uncertainty led to many Windows admins not deploying the fix out of fear it would cause problems in their Windows installations.

As first spotted by Neowin, Microsoft has now enabled the fix for CVE-2023-32019 by default in the August 2023 Patch Tuesday updates.

"The resolution described in this article has been released enabled by default. To apply the enabled by default resolution, install the Windows update that is dated on or after August 8, 2023." explains Microsoft in an update to its support bulletin.

"No further user action is required."

BleepingComputer has spoken to numerous Windows admins about this update, and none have reported issues with this change enabled.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here